Jump Crypto (JC) released a research article on Dec. 21 analyzing Proof of Solvency (PoS) vulnerabilities and how PoS works in theory — but fails in practice.
In the article, the research-driven quantitative trading firm states:
“For proof of solvency mechanisms to prevent an exchange from misappropriating consumer deposits, consumers must check that their deposits are included in the exchange’s reported list of deposits.”
PoS is the mechanism exchanges use to show that they hold their customers' deposits, and the report indicated that it is not always effective in practice.
“If exchanges can predict future attestations or sow doubt on failed attestations, they can successfully misappropriate consumer funds.”
JC stated that the “strong probability guarantees” that back up PoS in theory “are remarkably brittle in practice.”
Flaws in practice
JC’s findings describe three perspectives that reveal flaws in the dependability of PoS mechanisms. They are:
- From a verifiability perspective: JC stated that “exchanges may not control the on-chain addresses that they claim.”
- From a financial perspective: JC stated that PoS “does not guarantee actual corporate solvency, as exchanges hold other assets and liabilities on their balance sheet.”
- From a technical perspective: JC stated that PoS “is not necessarily plug-and-play and requires care in selecting the appropriate approach.”
JC acknowledged that the crypto community is already partly aware of these flaws but suggested further consideration regarding exchange suppression of failed PoS checks.
Failed PoS checks
JC suggested that, to restore the effectiveness of PoS, it is essential for both exchanges and users to consider the mechanism for users to launch checks and to raise potential issues.
“An exchange can likely predict which consumers will check, and an exchange can also likely suppress a handful of failed checks — which means it can weaken or undermine the probabilistic security that proof of solvency offers.”
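To put numbers on the brittleness described in the quote above, the following added example (not from the Jump Crypto article) computes the chance that an exchange omitting accounts from its reported deposits is exposed. The independent-check model, the population split and every figure are constructed assumptions.

```python
# Added illustration (not from the Jump Crypto article). Assumed model: each
# user independently checks their inclusion with a known probability, and the
# exchange is exposed only if more failed checks surface than it can suppress.

def p_exposed(check_probs, suppress=0):
    """P(more than `suppress` of the omitted accounts are checked).

    check_probs: per-account check probability for each account the exchange
    left out of its reported liabilities (a Poisson-binomial distribution).
    """
    dist = [1.0]                      # dist[j] = P(exactly j failed checks)
    for p in check_probs:
        nxt = [0.0] * (len(dist) + 1)
        for j, q in enumerate(dist):
            nxt[j] += q * (1.0 - p)   # this account is not checked
            nxt[j + 1] += q * p       # this account is checked and fails
        dist = nxt
    return 1.0 - sum(dist[: suppress + 1])


def scenarios(omitted=100, active_share=0.05, p_active=0.5, p_passive=0.01):
    """Constructed population: 5% of users check often, 95% almost never."""
    n_active = round(omitted * active_share)
    # Omitted accounts drawn without regard to who checks (population mix).
    random_pick = [p_active] * n_active + [p_passive] * (omitted - n_active)
    # Omitted accounts are only those predicted not to check.
    targeted = [p_passive] * omitted
    return {
        "random omission": p_exposed(random_pick),
        "predicted non-checkers": p_exposed(targeted),
        "predicted + 3 suppressed": p_exposed(targeted, suppress=3),
    }


if __name__ == "__main__":
    for name, p in scenarios().items():
        print(f"{name:26s} P(exposed) = {p:.3f}")
```

Under these assumed numbers the exposure probability falls from about 0.99 to about 0.63 once omissions track predicted checking behaviour, and to about 0.02 when three failed checks can also be suppressed.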
JC also suggested that users learn adjudication mechanisms for failed PoS checks.
“If a check fails, there are often no official mechanisms to escalate or verify, leaving users to publicize it on Twitter or other social channels.”
On publicizing failed checks on social media, JC stated that “a lone voice, or a handful of voices arguing on Twitter, can easily be mistaken for FUD.”
JC also warned that malicious exchanges could “easily lean into this narrative,” turning public critique against the users who raise it, labeling them as “engagement farmers and convincing their userbases to ignore them.”
JC listed five distinct changes that exchanges could implement to help mitigate the vulnerabilities discussed, though flaws remain:
- Exchanges can assist users in verifying financial stability, but this may result in exchanges collecting more user information and potentially confusing users.
- Exchanges can offer rewards for finding incorrect attestations, but this may lead to false positives and no consequences for false accusations.
- Exchanges can automatically send tree or user-specific proofs to users, which may increase false positives and discourage new users.
- Exchanges can generate proof faster and more frequently, which may allow exchanges to alter proof after investigation.
- Exchanges can use undercover auditors, but this may decrease trust in the process.
JC concluded the research article by stating:
“This article is not a critique of exchanges, which are rapidly building up their proof of solvency infrastructures. These are commendable and timely efforts, and we anticipate that these mechanisms will become more commonplace and mature over time.”